RSA-Series  
Version 2.2 software Release Notes

Notes and warnings:

1. These release notes apply to all models of the RSA-series.
2. Older RSA-4122(W) models do not have sufficient storage space for firmware images with OSPF routing
    support. Firmware images with and without OSPF support are available.
3. The standard images do not contain BGP routing software. A firmware image for the RSA-4222(W4) with
    BGP support is available. Firmware with BGP support for other models is available on request.


Version 2.2.8
(release date: April 20, 2022)

    Changes

  • Web terminal now shows indication when closed on time-out. The terminal screen is restarted by pressing
       the 'Enter' key.
  • Changed IPsec start-up procedure to avoid time-out when starting multiple tunnels with big RSA keys in
       the certificate.


    Security updates and CVE fixes

  • Fixed various CVEs and updated access services.


    Bug fixes

  • Fixed SMS operation with the ML620EU WWAN modem after Dual SIM change-over.
  • Fixed memory leak caused by RADIUS authentication.
  • Fixed sending erroneous VPN "tunnel connection down/up" alert messages when rekeying the IPsec
       Phase2/Child SA while using DH group 15 or 16 for PFS.


Version 2.2.7
(release date: March 2, 2022)

    Known issues

  • SMS operation with the ML620EU WWAN modem will fail after Dual SIM change-over. Sending SMS
       will operate again after a WWAN modem restart. This issue will be resolved in a following release.

    New features

  • The WAN interfaces used for Dynamic NAT can now be selected individually.
  • Added "ping_restart" for (active) WWAN modem. (This feature is controlled by command line).
       Upon failing response from the pinged host, the WWAN modem will be restarted provided it is the active
       interface or the only interface in the WAN failover list. The ping address(es) as set in the WWAN entry
       for WAN failover will be used.
  • Increased the number of configurable NTP server addresses from 2 to 4.

    Bug fixes

  • Fixed bug in NTP client (NTP server connection stopped when non-resolvable name was entered).
  • Fixed bug in network monitor (check failed when same IP address was also used for WAN failover check).
  • Fixed "Interface List" indexing (used for Static routes and Network monitor).
  • Fixed DNS addresses received from the network by ML620EU WWAN modem.
  • Fixed SMS operation of ML620EU WWAN modem (see Known issue for Dual SIM operation).



Version 2.2.6
(release date: January 21, 2022)

    Known issues (fixed in V.2.2.7)

  • When the same IP address and interface are used for both ping check of the WAN failover and the
       ping check of the Network Monitor, then one of the checks may fail. Use different IP addresses for
       each of these checks.

  • The indexing of the list of gateway interfaces for static routes and network monitoring contains a bug.
       After a reboot, or after removing WAN interfaces, the gateway (when selected from the 'Interface list')
       may point to a different interface than originally selected. This issue will be resolved in the next release.
       Note that settings for which the 'Interface list' was used, may be incorrect and may have to be
       configured again after loading new firmware.

  • NTP server connection will fail when a non-resolvable name is entered for one of the two DNS servers.

    New features

  • Added support for ML620EU LTE450 WWAN module for utility companies.
  • Added 'Loss of Power' detection by means of the CI contact input. Note that a UPS, backup
       battery or Power supply buffer unit is needed.
  • Added 'Loss of Power' alert to Management>Alert messaging>Alert rules page.
  • Added automatic recovery of internal USB failures caused by surges or EMI/RFI events.
  • Added 'Boot reason' field to Management>Alert messaging>History page.

    Changes

  • Reduced WWAN down time on scheduled WWAN reconnect and operator-initiated WWAN reconnect.
  • Added 'Loss of Power' trap information to SNMP MIB file.

    Bug fixes

  • Added attributes to XML Schema file for correct XML validation of V.2.2 configuration files.
  • Fixed detection of 1x20M-A2 add-on board.


Version 2.2.5
(release date: November 18, 2021)

    Changes

  • Added the reason for an unsuccessful WWAN PDP context activation or PDP context deactivation in
       the log for SIM7600G-H module.

    Bug fixes

  • Added SIM7600G-H initialisation to set the module's MTU to 1500 in all cases.
  • Fixed WWAN issue with changing from a wrong/invalid APN to a correct APN.


Version 2.2.4
(release date: October 12, 2021)

    Known issues (fixed in V2.2.5)

  • "W4" versions with the SIM7600G-H WWAN module may have MTU issues depending on the mobile
       operator. The WWAN MTU may have to be changed to 1430.
  • When changing from a wrong/invalid APN to a correct APN the WWAN data link may sometimes not
       be initiated until a full device reboot.

    New features

  • Added RFC 4638 MTU negotiation for PPPoE links over EthWAN. This enables MTU sizes up to 1500.

    Changes

  • Changed behaviour on accidental reset of internal GPIO expander. GPIO expander will be re-initialised
       instead of forcing a device reboot.
  • Changed behaviour upon loading wrong firmware version: no forced reboot will follow.
  • Changed the "model vs firmware check" to be less strict in order to avoid false negatives.
  • Reduced reconnect-time after operator-initiated forced WWAN data reconnect.


    Bug fixes

  • Fixed VPN LED behaviour upon re-authentication of multiple IPsec tunnels at the same time.
  • Fixed setting of SHA256 authentication algorithm for OpenVPN.
  • Fixed device entering RS232 console mode after firmware update.
  • Fixed SIM7600 occasional hang-up and added additional WWAN control watchdog.
  • Fixed RADIUS handling of unknown attributes or unknown vendor-specific attributes.
       Unknown attributes are now ignored.

     

Version 2.2.3
(release date: August 27, 2021)

    Known issues (all fixed in V2.2.4)
  • After a firmware update, the unit will restart in console mode on the RS232 port.
       Console mode will be disabled again after the first reboot.
  • The "model vs firmware check", which checks if the firmware matches the hardware, is in some cases
       too strict. To disable this check, use this shell command:
       'dbctl set /update/firmware_check false'
  • Selecting authentication algorithm SHA256 for OpenVPN will fail.
  • Internal SIM7600G WWAN modem may stop operation occasionally which may require a device
       reboot to resolve.
  • The VPN LED may remain off after a re-authentication of multiple IPsec tunnels at the same time.
  • RADIUS authentication can fail after receiving an unknown attribute or unknown vendor attribute.


    New features
  • Increased maximum string size for sysname, syslocation and syscontact from 32 to 64.
  • Model check upon firmware uploads (loading firmware for the wrong model is refused by default).
  • Model check upon config file uploads (loading a configuration file for the wrong model is refused by default).


    Bug fixes
  • Fixed stacktraces after closing 'atcom' command line tool.
  • Fixed Ethernet re-init on link-up.
  • Fixed APN name check on changes of APN configuration in "W1" WWAN versions.
     

Version 2.2.2
(release date: July 14, 2021)

    New features
  • Added support for "W1" WWAN versions.


    Bug fixes
  • Fixed WWAN port initialisation directly after firmware update.
  • Fixed upload of firmware and settings files with brackets in the file name.
     

Version 2.2.1
(release date: June 30, 2021)


    Known issues

  • Directly after a firmware update to V2.2.1, the WWAN port of the "W" versions will not be
       activated properly. After the first reboot of the unit, the WWAN port will be operational.
  • This software version is not suited for the "W1" WWAN versions.
       The "W1" versions will be supported in the next software release.    

    New features
  • Added "enable" parameters to scripts so that running a script (Boot_post, Firewall_post and
        SMS_control) can be enabled/disabled by means of a single parameter in the database.
  • Added Network monitoring tool which allows for checking individual hosts via LAN or WAN
       interfaces of choice. The results can be seen in the web interface and via SNMP.
  • Updated MIB file with OIDs for Network Monitoring tool.
  • Added info on type and size of system Flash memory in database at /system/info/flash
  • Added "Do not verify SSL certificates" option for "Update from remote server". This allows
      for (less secure) downloads from https web servers without having to load the CA certificate
      or certificate chain of the web server.
  • Added monitoring and storage of settings of the Flow cache mechanism (hardware acceleration)
      for debugging purposes.


    Changes  
  • Improved handling of SIM errors at boot time with older (slower) SIM cards.
  • Improved handling of connection mode for WWAN "Connect On Demand" mode.  
  • Improved "early detect of WWAN module" to speed up module startup.  
  • Improved SNMP response time for Bridge-MIB and MuLogic RSA-MIB OIDs.  
  • Added feedback of download errors upon a failed "Update from remote server" action.
  • Added enable/disable(default) of nvram writing in PLS8-E WWAN modem. Upon update from V2.1
      firmware, those settings that were already written in nvram will not be overwritten.  
  • "Last seen" info of ARP table is no longer stored in settings file but as a separate file.
      This change drastically reduces the frequency of writing in flash memory.  
  • Increased time-out for WWAN data attach.


    Bug fixes
  • Fixed SNMP "rsaWwanSwVer" OID.  
  • Added "UTC" time zone and corrected some time zone names (names with spaces were truncated).
  • Fixed MTU setting of WWAN data interfaces.  
  • Fixed static routing via EthWAN interfaces.


Version 2.2.0
(release date: April 12, 2021)

    Known issues

  • This software version is not suited for the "W1" WWAN versions.
       The "W1" versions will be supported in the next software release.    

    New features

  • XFRM interfaces for IPsec tunnels

       The standard way for IPsec to determine what traffic is destined
       for the tunnel is by means of security policies. These policies
       have priority over routes, which means that the normal routing
       table has no influence over what traffic is encrypted.

       This can be confusing and cumbersome, for example when traffic is
       to be directed by means of a routing protocol.
       A way to overcome this problem is to let the IPsec tunnel terminate
       at a local virtual interface. This interface can be given an IP
       address but can also be used without IP address. We refer to this
       as "Route-based IPsec", as opposed to "Policy-based IPsec".

       With route-based IPsec, the actual IPsec tunnel still will be
       policy-based so that one end can have the tunnel terminated at an
       xfrm interface and use normal routing, while the other end uses the
       security policy to determine where the traffic goes.

       The default policy for route-based IPsec is 0.0.0.0/0 to 0.0.0.0/0
       for all types of traffic. The policy can be changed at will in order
       to facilitate a policy based remote or to distinguish the various
       tunnels in a hub-spoke configuration that are using the "anonymous
       address" mode.

  • MAC address filtering

       MAC address filtering adds an extra layer of protection for access
       from devices connected to the local LAN ports. Access is based on MAC
       address rather than IP address.

  • DHCP Relay Agent

       A DHCP Relay agent allows DHCP clients to reside on a different network
       than the DHCP server.

  • Hashed passwords for management access
      
       Passwords for management access of the unit can now be hashed before
       being stored.

  • SMS control

       All models with internal WWAN modem or support for external WWAN
       modems now can be controlled via SMS. Commands for reboot, WWAN
       on/off and DSL on/off are standard. More can follow on demand.
       Custom made SMS commands can be created by means of a script.
       All entries of the settings database and all shell commands are available
       for script-based SMS control.

  • Support for Dual-SIM WWAN versions

       Dual-SIM versions support automatic failover between two SIM cards.
       Various criteria for failover action are available.

  • Support for external WWAN modems

       External (MuLogic) WWAN modems can now be combined with the
       internal WWAN modem in order to have two or more fully functioning
       WWAN connections at the same time. The models with USB ports and
       no internal WWAN can support up to two external WWAN modems.

  • Download of syslog on USB flash drive

      The syslog file that is stored on an external USB flash drive can now
      be downloaded via the web browser by means of a simple mouse click.
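
Added example for the "XFRM interfaces for IPsec tunnels" entry above (not part of these release notes or of the RSA firmware): a simplified Python model of the egress decision, showing that a classic policy encrypts regardless of the route, while the 0.0.0.0/0 default policy of a route-based tunnel only applies to traffic routed into the xfrm interface. The interface names, if_id value and addresses are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    src: str        # source selector (CIDR)
    dst: str        # destination selector (CIDR)
    if_id: int = 0  # 0 = classic policy; >0 = bound to an xfrm interface

def _match(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def route_dev(routes, dst):
    """Longest-prefix match over {prefix: device}; None if no route."""
    hits = [p for p in routes if _match(dst, p)]
    if not hits:
        return None
    return routes[max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen)]

def outbound(src, dst, routes, policies, xfrm_if_ids):
    """Return 'esp', 'clear:<dev>', 'drop' or 'unreachable' for one packet.
    Routing runs first; only policies whose if_id equals that of the outgoing
    interface (0 for ordinary interfaces) are then considered."""
    dev = route_dev(routes, dst)
    if dev is None:
        return "unreachable"
    if_id = xfrm_if_ids.get(dev, 0)
    for p in policies:
        if p.if_id == if_id and _match(src, p.src) and _match(dst, p.dst):
            return "esp"
    # No policy: an xfrm interface drops the packet, a normal one forwards it.
    return "drop" if if_id else f"clear:{dev}"

# Constructed sample data; interface names and addresses are hypothetical.
LAN_HOST, REMOTE, INTERNET = "192.168.1.10", "10.0.0.5", "198.51.100.7"
POLICY_BASED = [Policy("192.168.1.0/24", "10.0.0.0/24")]
ROUTE_BASED = [Policy("0.0.0.0/0", "0.0.0.0/0", if_id=1)]  # default policy
XFRM = {"ipsec1": 1}
DEFAULT_ONLY = {"0.0.0.0/0": "wan0"}
WITH_TUNNEL_ROUTE = {"0.0.0.0/0": "wan0", "10.0.0.0/24": "ipsec1"}

if __name__ == "__main__":
    for dst, routes, pol in [(REMOTE, DEFAULT_ONLY, POLICY_BASED),
                             (REMOTE, WITH_TUNNEL_ROUTE, ROUTE_BASED),
                             (INTERNET, WITH_TUNNEL_ROUTE, ROUTE_BASED),
                             (REMOTE, DEFAULT_ONLY, ROUTE_BASED)]:
        print(dst, sorted(routes), outbound(LAN_HOST, dst, routes, pol, XFRM))
```

The last case in the demo models a withdrawn tunnel route: the packet follows the default route unencrypted, which is why route-based setups are usually paired with a firewall rule or a lower-priority blackhole route for the protected prefix.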


    Changes with respect to the most recent V2.1 release

  • Reduced firmware image size

       The size of the firmware images has been reduced so that the full
       featured firmware releases will fit again in older RSA-4122 models
       and to allow more space for future feature enhancements.

  • New WWAN control software

       Support for SIM7600G-H module.
       Added graphs for 4G RSRP/RSRQ and 3G RSCP/EcIo in web interface.

  • Added SNMP OIDs

       - Signal and quality reporting for 3G, 4G and 5G RAT modes.
       - Data counters in kbytes and Mbytes.
       - Last month data counter total in Mbyte.
       - IMEI (module) and IMSI/ICCID (SIM card) numbers.
       - Cell identification (LAC/TAC, PSC, PLMN).
       - Serial number and Hardware address.
       - Uptime (uptime of system, rather than uptime of the SNMP daemon).
       - Boot reason.

  • ADSL/ATM layer monitoring in watchdog
     
       The operation of the ATM layer for ADSL links has been added to the
       "DSL connection" part of the system watchdog.

  • IP interface name of WWAN devices

       All WWAN IP interfaces are (internally) named "wwan0", "wwan1" now.
       In previous versions this was a mix of "ppp", "usb" and "wwan" etc,
       depending on the type of WWAN modem used.